Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

Yes, but if ads do it, that would at worst make the ad server vulnerable, not your server.


You apparently understand less than me. The little I do understand is that CORS is protection for a site's user, not the site.


It's a protection of site's business model.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: